]>
Commit | Line | Data |
---|---|---|
0f113f3e | 1 | /* |
6738bf14 | 2 | * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. |
bd08a2bd | 3 | * |
dffa7520 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
846e33c7 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
bd08a2bd | 8 | */ |
28967cf0 | 9 | |
c5f87134 P |
10 | /* We need to use the deprecated RSA low level calls */ |
11 | #define OPENSSL_SUPPRESS_DEPRECATED | |
12 | ||
3eeaab4b | 13 | #include <openssl/opensslconf.h> |
effaf4de RS |
14 | #ifdef OPENSSL_NO_RSA |
15 | NON_EMPTY_TRANSLATION_UNIT | |
16 | #else | |
28967cf0 | 17 | |
0f113f3e | 18 | # include "apps.h" |
dab2cd68 | 19 | # include "progs.h" |
0f113f3e MC |
20 | # include <string.h> |
21 | # include <openssl/err.h> | |
22 | # include <openssl/pem.h> | |
23 | # include <openssl/rsa.h> | |
bd08a2bd | 24 | |
0f113f3e MC |
25 | # define RSA_SIGN 1 |
26 | # define RSA_VERIFY 2 | |
27 | # define RSA_ENCRYPT 3 | |
28 | # define RSA_DECRYPT 4 | |
bd08a2bd | 29 | |
0f113f3e MC |
30 | # define KEY_PRIVKEY 1 |
31 | # define KEY_PUBKEY 2 | |
32 | # define KEY_CERT 3 | |
bd08a2bd | 33 | |
7e1b7485 RS |
34 | typedef enum OPTION_choice { |
35 | OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, | |
36 | OPT_ENGINE, OPT_IN, OPT_OUT, OPT_ASN1PARSE, OPT_HEXDUMP, | |
61783db5 | 37 | OPT_RSA_RAW, OPT_OAEP, OPT_SSL, OPT_PKCS, OPT_X931, |
7e1b7485 | 38 | OPT_SIGN, OPT_VERIFY, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT, |
3ee1eac2 | 39 | OPT_PUBIN, OPT_CERTIN, OPT_INKEY, OPT_PASSIN, OPT_KEYFORM, |
6bd4e3f2 | 40 | OPT_R_ENUM, OPT_PROV_ENUM |
7e1b7485 RS |
41 | } OPTION_CHOICE; |
42 | ||
44c83ebd | 43 | const OPTIONS rsautl_options[] = { |
5388f986 | 44 | OPT_SECTION("General"), |
7e1b7485 | 45 | {"help", OPT_HELP, '-', "Display this summary"}, |
5388f986 RS |
46 | {"sign", OPT_SIGN, '-', "Sign with private key"}, |
47 | {"verify", OPT_VERIFY, '-', "Verify with public key"}, | |
48 | {"encrypt", OPT_ENCRYPT, '-', "Encrypt with public key"}, | |
49 | {"decrypt", OPT_DECRYPT, '-', "Decrypt with private key"}, | |
50 | # ifndef OPENSSL_NO_ENGINE | |
51 | {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, | |
52 | # endif | |
53 | ||
54 | OPT_SECTION("Input"), | |
7e1b7485 | 55 | {"in", OPT_IN, '<', "Input file"}, |
dd958974 | 56 | {"inkey", OPT_INKEY, 's', "Input key"}, |
0c20802c | 57 | {"keyform", OPT_KEYFORM, 'E', "Private key format - default PEM"}, |
7e1b7485 RS |
58 | {"pubin", OPT_PUBIN, '-', "Input is an RSA public"}, |
59 | {"certin", OPT_CERTIN, '-', "Input is a cert carrying an RSA public key"}, | |
5388f986 RS |
60 | {"rev", OPT_REV, '-', "Reverse the order of the input buffer"}, |
61 | {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, | |
62 | ||
63 | OPT_SECTION("Output"), | |
64 | {"out", OPT_OUT, '>', "Output file"}, | |
7e1b7485 | 65 | {"ssl", OPT_SSL, '-', "Use SSL v2 padding"}, |
61783db5 | 66 | {"raw", OPT_RSA_RAW, '-', "Use no padding"}, |
7e1b7485 | 67 | {"pkcs", OPT_PKCS, '-', "Use PKCS#1 v1.5 padding (default)"}, |
5388f986 | 68 | {"x931", OPT_X931, '-', "Use ANSI X9.31 padding"}, |
7e1b7485 | 69 | {"oaep", OPT_OAEP, '-', "Use PKCS#1 OAEP"}, |
9a13bb38 RS |
70 | {"asn1parse", OPT_ASN1PARSE, '-', |
71 | "Run output through asn1parse; useful with -verify"}, | |
7e1b7485 | 72 | {"hexdump", OPT_HEXDUMP, '-', "Hex dump output"}, |
5388f986 | 73 | |
3ee1eac2 | 74 | OPT_R_OPTIONS, |
6bd4e3f2 | 75 | OPT_PROV_OPTIONS, |
7e1b7485 RS |
76 | {NULL} |
77 | }; | |
bd08a2bd | 78 | |
7e1b7485 | 79 | int rsautl_main(int argc, char **argv) |
bd08a2bd | 80 | { |
0f113f3e | 81 | BIO *in = NULL, *out = NULL; |
7e1b7485 | 82 | ENGINE *e = NULL; |
0f113f3e MC |
83 | EVP_PKEY *pkey = NULL; |
84 | RSA *rsa = NULL; | |
7e1b7485 | 85 | X509 *x; |
333b070e | 86 | char *infile = NULL, *outfile = NULL, *keyfile = NULL; |
7e1b7485 RS |
87 | char *passinarg = NULL, *passin = NULL, *prog; |
88 | char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY; | |
89 | unsigned char *rsa_in = NULL, *rsa_out = NULL, pad = RSA_PKCS1_PADDING; | |
90 | int rsa_inlen, keyformat = FORMAT_PEM, keysize, ret = 1; | |
91 | int rsa_outlen = 0, hexdump = 0, asn1parse = 0, need_priv = 0, rev = 0; | |
92 | OPTION_CHOICE o; | |
93 | ||
94 | prog = opt_init(argc, argv, rsautl_options); | |
95 | while ((o = opt_next()) != OPT_EOF) { | |
96 | switch (o) { | |
97 | case OPT_EOF: | |
98 | case OPT_ERR: | |
99 | opthelp: | |
100 | BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); | |
101 | goto end; | |
102 | case OPT_HELP: | |
103 | opt_help(rsautl_options); | |
104 | ret = 0; | |
105 | goto end; | |
106 | case OPT_KEYFORM: | |
0c20802c | 107 | if (!opt_format(opt_arg(), OPT_FMT_PDE, &keyformat)) |
7e1b7485 RS |
108 | goto opthelp; |
109 | break; | |
110 | case OPT_IN: | |
111 | infile = opt_arg(); | |
112 | break; | |
113 | case OPT_OUT: | |
114 | outfile = opt_arg(); | |
115 | break; | |
116 | case OPT_ENGINE: | |
333b070e | 117 | e = setup_engine(opt_arg(), 0); |
7e1b7485 RS |
118 | break; |
119 | case OPT_ASN1PARSE: | |
0f113f3e | 120 | asn1parse = 1; |
7e1b7485 RS |
121 | break; |
122 | case OPT_HEXDUMP: | |
0f113f3e | 123 | hexdump = 1; |
7e1b7485 | 124 | break; |
61783db5 | 125 | case OPT_RSA_RAW: |
0f113f3e | 126 | pad = RSA_NO_PADDING; |
7e1b7485 RS |
127 | break; |
128 | case OPT_OAEP: | |
0f113f3e | 129 | pad = RSA_PKCS1_OAEP_PADDING; |
7e1b7485 RS |
130 | break; |
131 | case OPT_SSL: | |
0f113f3e | 132 | pad = RSA_SSLV23_PADDING; |
7e1b7485 RS |
133 | break; |
134 | case OPT_PKCS: | |
0f113f3e | 135 | pad = RSA_PKCS1_PADDING; |
7e1b7485 RS |
136 | break; |
137 | case OPT_X931: | |
0f113f3e | 138 | pad = RSA_X931_PADDING; |
7e1b7485 RS |
139 | break; |
140 | case OPT_SIGN: | |
0f113f3e MC |
141 | rsa_mode = RSA_SIGN; |
142 | need_priv = 1; | |
7e1b7485 RS |
143 | break; |
144 | case OPT_VERIFY: | |
0f113f3e | 145 | rsa_mode = RSA_VERIFY; |
7e1b7485 RS |
146 | break; |
147 | case OPT_REV: | |
0f113f3e | 148 | rev = 1; |
7e1b7485 RS |
149 | break; |
150 | case OPT_ENCRYPT: | |
0f113f3e | 151 | rsa_mode = RSA_ENCRYPT; |
7e1b7485 RS |
152 | break; |
153 | case OPT_DECRYPT: | |
0f113f3e MC |
154 | rsa_mode = RSA_DECRYPT; |
155 | need_priv = 1; | |
7e1b7485 RS |
156 | break; |
157 | case OPT_PUBIN: | |
158 | key_type = KEY_PUBKEY; | |
159 | break; | |
160 | case OPT_CERTIN: | |
161 | key_type = KEY_CERT; | |
162 | break; | |
163 | case OPT_INKEY: | |
164 | keyfile = opt_arg(); | |
165 | break; | |
166 | case OPT_PASSIN: | |
167 | passinarg = opt_arg(); | |
168 | break; | |
3ee1eac2 RS |
169 | case OPT_R_CASES: |
170 | if (!opt_rand(o)) | |
171 | goto end; | |
172 | break; | |
6bd4e3f2 P |
173 | case OPT_PROV_CASES: |
174 | if (!opt_provider(o)) | |
175 | goto end; | |
176 | break; | |
0f113f3e | 177 | } |
0f113f3e | 178 | } |
7e1b7485 | 179 | argc = opt_num_rest(); |
03358517 KR |
180 | if (argc != 0) |
181 | goto opthelp; | |
0f113f3e MC |
182 | |
183 | if (need_priv && (key_type != KEY_PRIVKEY)) { | |
184 | BIO_printf(bio_err, "A private key is needed for this operation\n"); | |
185 | goto end; | |
186 | } | |
333b070e | 187 | |
7e1b7485 | 188 | if (!app_passwd(passinarg, NULL, &passin, NULL)) { |
0f113f3e MC |
189 | BIO_printf(bio_err, "Error getting password\n"); |
190 | goto end; | |
191 | } | |
32d862ed | 192 | |
0f113f3e MC |
193 | switch (key_type) { |
194 | case KEY_PRIVKEY: | |
7e1b7485 | 195 | pkey = load_key(keyfile, keyformat, 0, passin, e, "Private Key"); |
0f113f3e MC |
196 | break; |
197 | ||
198 | case KEY_PUBKEY: | |
7e1b7485 | 199 | pkey = load_pubkey(keyfile, keyformat, 0, NULL, e, "Public Key"); |
0f113f3e MC |
200 | break; |
201 | ||
202 | case KEY_CERT: | |
a773b52a | 203 | x = load_cert(keyfile, keyformat, "Certificate"); |
0f113f3e MC |
204 | if (x) { |
205 | pkey = X509_get_pubkey(x); | |
206 | X509_free(x); | |
207 | } | |
208 | break; | |
209 | } | |
210 | ||
2234212c | 211 | if (pkey == NULL) |
0f113f3e | 212 | return 1; |
0f113f3e MC |
213 | |
214 | rsa = EVP_PKEY_get1_RSA(pkey); | |
215 | EVP_PKEY_free(pkey); | |
216 | ||
2234212c | 217 | if (rsa == NULL) { |
0f113f3e MC |
218 | BIO_printf(bio_err, "Error getting RSA key\n"); |
219 | ERR_print_errors(bio_err); | |
220 | goto end; | |
221 | } | |
222 | ||
bdd58d98 | 223 | in = bio_open_default(infile, 'r', FORMAT_BINARY); |
7e1b7485 RS |
224 | if (in == NULL) |
225 | goto end; | |
bdd58d98 | 226 | out = bio_open_default(outfile, 'w', FORMAT_BINARY); |
7e1b7485 RS |
227 | if (out == NULL) |
228 | goto end; | |
0f113f3e MC |
229 | |
230 | keysize = RSA_size(rsa); | |
231 | ||
68dc6824 RS |
232 | rsa_in = app_malloc(keysize * 2, "hold rsa key"); |
233 | rsa_out = app_malloc(keysize, "output rsa key"); | |
0f113f3e MC |
234 | |
235 | /* Read the input data */ | |
236 | rsa_inlen = BIO_read(in, rsa_in, keysize * 2); | |
0c20802c | 237 | if (rsa_inlen < 0) { |
0f113f3e | 238 | BIO_printf(bio_err, "Error reading input Data\n"); |
7e1b7485 | 239 | goto end; |
0f113f3e MC |
240 | } |
241 | if (rev) { | |
242 | int i; | |
243 | unsigned char ctmp; | |
244 | for (i = 0; i < rsa_inlen / 2; i++) { | |
245 | ctmp = rsa_in[i]; | |
246 | rsa_in[i] = rsa_in[rsa_inlen - 1 - i]; | |
247 | rsa_in[rsa_inlen - 1 - i] = ctmp; | |
248 | } | |
249 | } | |
250 | switch (rsa_mode) { | |
251 | ||
252 | case RSA_VERIFY: | |
253 | rsa_outlen = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad); | |
254 | break; | |
255 | ||
256 | case RSA_SIGN: | |
257 | rsa_outlen = | |
258 | RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad); | |
259 | break; | |
260 | ||
261 | case RSA_ENCRYPT: | |
262 | rsa_outlen = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad); | |
263 | break; | |
264 | ||
265 | case RSA_DECRYPT: | |
266 | rsa_outlen = | |
267 | RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad); | |
268 | break; | |
0f113f3e MC |
269 | } |
270 | ||
0c20802c | 271 | if (rsa_outlen < 0) { |
0f113f3e MC |
272 | BIO_printf(bio_err, "RSA operation error\n"); |
273 | ERR_print_errors(bio_err); | |
274 | goto end; | |
275 | } | |
276 | ret = 0; | |
277 | if (asn1parse) { | |
278 | if (!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) { | |
279 | ERR_print_errors(bio_err); | |
280 | } | |
2234212c | 281 | } else if (hexdump) { |
0f113f3e | 282 | BIO_dump(out, (char *)rsa_out, rsa_outlen); |
2234212c | 283 | } else { |
0f113f3e | 284 | BIO_write(out, rsa_out, rsa_outlen); |
2234212c | 285 | } |
0f113f3e MC |
286 | end: |
287 | RSA_free(rsa); | |
dd1abd44 | 288 | release_engine(e); |
0f113f3e MC |
289 | BIO_free(in); |
290 | BIO_free_all(out); | |
b548a1f1 RS |
291 | OPENSSL_free(rsa_in); |
292 | OPENSSL_free(rsa_out); | |
293 | OPENSSL_free(passin); | |
0f113f3e | 294 | return ret; |
bd08a2bd | 295 | } |
28967cf0 | 296 | #endif |